Sophos Girls in Coding Day encourages young women to pursue cybersecurity careers

We want to do our part to encourage young people, and especially young women, to pursue careers in cybersecurity. So we’re delighted to host our first ever Girls in Coding Day, an event designed to engage, motivate and challenge the brightest aspiring female programmers in the UK.

About 40 girls aged 14-18 from area schools will spend the day at our global headquarters in Abingdon, England, where they’ll participate in a DEFCON-style coding challenge, tour SophosLabs, hear from our cybersecurity experts, and meet with some of the impressive young women from our internship and graduate programs.

Some of these interns and graduates told us about how they became interested in cybersecurity, gave us their thoughts on how to bring more women into the IT industry, and explained why they chose Sophos to help them launch their careers. Here’s what they said.


SophosLabs researchers see rise in cross-platform mobile malware

People are always looking to save time and money, and hopefully both, with technology. Businesses and consumers love smartphones and computers because they are massively multi-functional, super-fast and efficient. We’ve been doing this for a long time – the spork, that funny looking multi-purpose utensil, dates back to 1874!

More recently, mobile application developers have used cross-platform development tools to increase efficiency in churning out apps that work in all three of the major mobile operating systems – Android, iOS and Windows.

Malware authors are no different. At SophosLabs, we have seen an increase in malicious apps written with cross-platform development tools such as PhoneGap, Titanium, Unity, Xamarin and Cocos2d.


Can we test APT defenses even if we can’t agree on how to define APTs?

In the past few years, a lot of media outlets, and even some security vendors, have hyped up the threat of so-called advanced persistent threats (APTs), frequently associating them with nation-state attackers using unheard-of zero-day exploits to break into high-profile targets.

In fact, there’s a lot of disagreement about how we should define APTs. How do you define “advanced” attacks when so many APTs leverage old exploits that have available security patches, and social engineering techniques frequently used by “common” cybercriminals? This leads to confusion among IT professionals and small businesses, many of whom don’t know what an APT is.

More sober minds tend to favor the term “targeted attacks.” Nevertheless, there are plenty of security products on the market today that offer protection against “APTs,” which poses a conundrum: how can you test these products to find out if they adequately protect against these threats without an agreed-upon definition of APTs?


How SophosLabs uses automation to analyze threats

The Gameover Zeus and Shylock botnets were destroyed by law enforcement takedowns last year, in two of the most successful actions against financial malware. And yet malware families like Dridex, Dyreza and Vawtrak continue to prey on users of online banking around the world.

Clearly, the fight against cyberthreats isn’t easy, but SophosLabs is developing technologies that improve our ability to understand and respond to threats more efficiently and effectively.

SophosLabs Senior Threat Researcher James Wyke, in a new research paper presented at the Virus Bulletin International Conference, gives us a behind-the-scenes look at an automated system for extracting valuable information from banking malware families.


SophosLabs looks back at what Android 5 gave us to take into the Marshmallow era

Android has developed a bit of a reputation for poor security, especially compared to Apple iOS, thanks to numerous vulnerabilities like the recent Stagefright and the explosion of Android malware in recent years.

Google has certainly taken steps to address some of the inherent weaknesses in the Android platform, with Android 5.0 (Lollipop) adding features that merit closer inspection – as SophosLabs researchers Rowland Yu and William Lee have done in an excellent paper they presented at the recent Virus Bulletin International Conference.

Their paper – titled “Will Android Trojan, Worm or Rootkit Survive in SEAndroid and Containerization?” – examines these new security features in Android 5.0, and what they mean for data security in corporate devices.


When penguins attack: Does Linux power the malware underground?

The malware ecosystem is a complex environment. Criminals must acquire victims, develop scams and figure out the most effective way to turn that activity into cash. Most Internet crimes are opportunistic, meaning that online attacks are best operated as a high-volume business.

The keys to profitability are the ability to exploit a high percentage of potential victims, being able to cast a wide net to gather said victims, and some sort of payload that can steal information or extort money from a victim.

In research conducted in February 2015 at SophosLabs in Vancouver, Canada, we found that Linux machines represented approximately 80% of the 178,635 newly malicious websites discovered by Sophos during that week. This compares to approximately 73% of all websites being served by non-Windows servers.

Why should this be the case? What leads Linux to be such an integral part of malware distribution?


Why Word malware is BASIC: SophosLabs takes apart a booby-trapped document

Thanks to Graham Chantry of SophosLabs, whose research and analysis form the core of this article.

When you think of widely-used programming languages, you probably come up with a mental list such as C, C++, Java and JavaScript.

But Microsoft VBA, or Visual Basic for Applications, should be up there too, because of its broad-brush popularity.

VBA is a modern-day dialect of BASIC, the original easy-to-learn-and-use programming language for beginners and experts alike.

It is built into many Microsoft applications, notably the components of Microsoft Office.

You can use it for all sorts of automation tasks right inside your own documents and spreadsheets, so it’s the sort of programming language that is as likely to be used by accountants and auditors as by software engineers and sysadmins.

Of course, once you add VBA code to a Word document, that file is no longer just so much harmless data, because it has a BASIC program buried inside.
